Inflation in this underground economy occurs when security mechanisms render old techniques outdated, requiring more technical expertise and investment from the hacker, Thompson said.
Subsequently, Thompson said that truly protecting data will require organizations to factor security into their IT infrastructure automatically.
"Security is about mitigating risk at some cost," he said, adding that many security organizations actually overspend on security because they haven't assessed their risk. Perhaps surprisingly, "most cost of breaches comes from simple failures, not from attacker ingenuity," he said. "This is an important lesson for us to learn."
Most users will naturally make poor decisions about security simply because it's not intuitive from a performance or usability standpoint. Therefore, organizations will have to make security an inherent part of their culture by enabling users to make the best security choices, he said.
"We need to outsource the minimal amount of security decisions to the user or make it easy for them to make good security choices," he said. "Security is everyone's responsibility. It needs to be weaved in. We all have to understand security risks to some degree."